Automatically generated suggestions

CVE-2023-32550
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 7 months, 3 weeks ago
Landscape's Apache server-status is accessible by default

Landscape's server-status page exposed sensitive system information. The leaked data included GET requests containing information that could be used to attack the Landscape API and leak further information from it.

landscape
<19.10.05

pkgs.terraform-landscape

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains

Unreal Engine 4 Linux demos
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Package maintainers: 3
CVE-2023-32549
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 7 months, 3 weeks ago
Landscape insecure token generation

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.

landscape
<19.10.05

pkgs.terraform-landscape

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains

Unreal Engine 4 Linux demos
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-22511
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 3 weeks ago
WordPress Slides & Presentations Plugin <= 0.0.39 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS. This issue affects Slides & Presentations: from n/a through 0.0.39.

slide
=<0.0.39

pkgs.slides

Terminal based presentation tool

pkgs.openslide

C library that provides a simple interface to read whole-slide images

pkgs.manim-slides

Tool for live presentations using manim

pkgs.dvd-slideshow

Suite of command line programs that creates a slideshow-style video from groups of pictures

pkgs.slides.x86_64-linux

Terminal based presentation tool

pkgs.slides.aarch64-linux

Terminal based presentation tool

pkgs.slides.x86_64-darwin

Terminal based presentation tool

pkgs.slides.aarch64-darwin

Terminal based presentation tool

pkgs.gnomeExtensions.backslide

Automatic background-image (wallpaper) slideshow for Gnome Shell
  • nixos-unstable 33
    • nixos-unstable-small 33
    • nixpkgs-unstable 33

pkgs.python311Packages.openslide

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python312Packages.openslide

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python311Packages.manim-slides

Tool for live presentations using manim

pkgs.python312Packages.manim-slides

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev

pkgs.python311Packages.textual-slider

Textual widget for a simple slider

pkgs.python312Packages.textual-slider

Textual widget for a simple slider

pkgs.gnomeExtensions.wallpaper-slideshow

Wallpaper slideshow extension. Optionally downloads BING wallpaper of the day.
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.python312Packages.openslide.x86_64-linux

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.gnomeExtensions.keyboard-backlight-slider

Allow setting the keyboard backlight brightness with a slider in the main menu
  • nixos-unstable 6
    • nixos-unstable-small 6
    • nixpkgs-unstable 6

pkgs.python312Packages.openslide.aarch64-linux

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python312Packages.openslide.x86_64-darwin

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.gnomeExtensions.night-light-slider-updated

Kiyui's Night Light Slider updated for GNOME >= 45. Provides a slider in the quick settings menu to control the night light temperature. Some nice options can be set in the extension preferences menu. Original implementation: https://codeberg.org/kiyui/gnome-shell-night-light-slider-extension/
  • nixos-unstable 12
    • nixos-unstable-small 12
    • nixpkgs-unstable 12

pkgs.python312Packages.openslide.aarch64-darwin

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python312Packages.manim-slides.x86_64-linux

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev.x86_64-linux

pkgs.python312Packages.manim-slides.aarch64-linux

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev.aarch64-linux

pkgs.vscode-extensions.antfu.slidev.x86_64-darwin

pkgs.python312Packages.textual-slider.x86_64-linux

Textual widget for a simple slider

pkgs.vscode-extensions.antfu.slidev.aarch64-darwin

pkgs.python312Packages.textual-slider.aarch64-linux

Textual widget for a simple slider

pkgs.python312Packages.textual-slider.x86_64-darwin

Textual widget for a simple slider

pkgs.python312Packages.textual-slider.aarch64-darwin

Textual widget for a simple slider

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.x86_64-linux

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.aarch64-linux

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.x86_64-darwin

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.aarch64-darwin

Package maintainers: 9
CVE-2023-32551
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 7 months, 3 weeks ago
Landscape Open Redirect

Landscape allowed URLs which caused open redirection.

landscape
<19.10.05

pkgs.terraform-landscape

Improve Terraform's plan output to be easier to read and understand

pkgs.ue4demos.landscape_mountains

Unreal Engine 4 Linux demos
  • nixos-unstable ???
    • nixos-unstable-small
    • nixpkgs-unstable
Package maintainers: 3
CVE-2025-22534
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 3 weeks ago
WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slides & Presentations: from n/a through 0.0.39.

slide
=<0.0.39

pkgs.slides

Terminal based presentation tool

pkgs.openslide

C library that provides a simple interface to read whole-slide images

pkgs.manim-slides

Tool for live presentations using manim

pkgs.dvd-slideshow

Suite of command line programs that creates a slideshow-style video from groups of pictures

pkgs.slides.x86_64-linux

Terminal based presentation tool

pkgs.slides.aarch64-linux

Terminal based presentation tool

pkgs.slides.x86_64-darwin

Terminal based presentation tool

pkgs.slides.aarch64-darwin

Terminal based presentation tool

pkgs.gnomeExtensions.backslide

Automatic background-image (wallpaper) slideshow for Gnome Shell
  • nixos-unstable 33
    • nixos-unstable-small 33
    • nixpkgs-unstable 33

pkgs.python311Packages.openslide

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python312Packages.openslide

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python311Packages.manim-slides

Tool for live presentations using manim

pkgs.python312Packages.manim-slides

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev

pkgs.python311Packages.textual-slider

Textual widget for a simple slider

pkgs.python312Packages.textual-slider

Textual widget for a simple slider

pkgs.gnomeExtensions.wallpaper-slideshow

Wallpaper slideshow extension. Optionally downloads BING wallpaper of the day.
  • nixos-unstable 10
    • nixos-unstable-small 10
    • nixpkgs-unstable 10

pkgs.python312Packages.openslide.x86_64-linux

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.gnomeExtensions.keyboard-backlight-slider

Allow setting the keyboard backlight brightness with a slider in the main menu
  • nixos-unstable 6
    • nixos-unstable-small 6
    • nixpkgs-unstable 6

pkgs.python312Packages.openslide.aarch64-linux

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python312Packages.openslide.x86_64-darwin

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.gnomeExtensions.night-light-slider-updated

Kiyui's Night Light Slider updated for GNOME >= 45. Provides a slider in the quick settings menu to control the night light temperature. Some nice options can be set in the extension preferences menu. Original implementation: https://codeberg.org/kiyui/gnome-shell-night-light-slider-extension/
  • nixos-unstable 12
    • nixos-unstable-small 12
    • nixpkgs-unstable 12

pkgs.python312Packages.openslide.aarch64-darwin

Python bindings to the OpenSlide library for reading whole-slide microscopy images

pkgs.python312Packages.manim-slides.x86_64-linux

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev.x86_64-linux

pkgs.python312Packages.manim-slides.aarch64-linux

Tool for live presentations using manim

pkgs.vscode-extensions.antfu.slidev.aarch64-linux

pkgs.vscode-extensions.antfu.slidev.x86_64-darwin

pkgs.python312Packages.textual-slider.x86_64-linux

Textual widget for a simple slider

pkgs.vscode-extensions.antfu.slidev.aarch64-darwin

pkgs.python312Packages.textual-slider.aarch64-linux

Textual widget for a simple slider

pkgs.python312Packages.textual-slider.x86_64-darwin

Textual widget for a simple slider

pkgs.python312Packages.textual-slider.aarch64-darwin

Textual widget for a simple slider

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.x86_64-linux

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.aarch64-linux

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.x86_64-darwin

pkgs.vscode-extensions.ms-toolsai.vscode-jupyter-slideshow.aarch64-darwin

Package maintainers: 9
CVE-2023-6277
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 3 weeks ago
Libtiff: out-of-memory in tiffopen via a crafted file

An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB.

iv
tkimg
libtiff
mingw-libtiff
compat-libtiff3

pkgs.libtiff

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-linux

Library and utilities for working with the TIFF image file format

pkgs.libtiff.x86_64-darwin

Library and utilities for working with the TIFF image file format

pkgs.libtiff.aarch64-darwin

Library and utilities for working with the TIFF image file format
Package maintainers: 7
CVE-2023-6596
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 3 weeks ago
Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325)

An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for OpenShift Containers.

openshift
<4.12.48
<4.11.58
openshift4/ose-olm-rukpak-rhel8
openshift4/ose-operator-lifecycle-manager
*

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

pkgs.python311Packages.openshift

Python client for the OpenShift API

pkgs.python312Packages.openshift

Python client for the OpenShift API

pkgs.python312Packages.openshift.x86_64-linux

Python client for the OpenShift API

pkgs.python312Packages.openshift.aarch64-linux

Python client for the OpenShift API

pkgs.python312Packages.openshift.x86_64-darwin

Python client for the OpenShift API

pkgs.python312Packages.openshift.aarch64-darwin

Python client for the OpenShift API

pkgs.python311Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python

pkgs.python312Packages.azure-mgmt-redhatopenshift

Microsoft Azure Red Hat Openshift Management Client Library for Python
Package maintainers: 4
CVE-2024-45617
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 3 weeks ago
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

opensc
libopensc
<0.26.0

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

pkgs.openscenegraph

3D graphics toolkit

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vimPlugins.vim-openscad.x86_64-linux

pkgs.vimPlugins.vim-openscad.aarch64-linux

pkgs.vimPlugins.vim-openscad.x86_64-darwin

pkgs.vimPlugins.vim-openscad.aarch64-darwin

pkgs.vscode-extensions.antyos.openscad.x86_64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-linux

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.x86_64-darwin

OpenSCAD highlighting, snippets, and more for VSCode

pkgs.vscode-extensions.antyos.openscad.aarch64-darwin

OpenSCAD highlighting, snippets, and more for VSCode
Package maintainers: 8
CVE-2024-38789
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 7 months, 3 weeks ago
WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery. This issue affects Telegram Bot & Channel: from n/a through 3.8.2.

telegram-bot
=<3.8.2

pkgs.telegram-bot-api

Telegram Bot API server

pkgs.haskellPackages.telegram-bot-api

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-simple

Easy to use library for building Telegram bots

pkgs.python311Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.x86_64-linux

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.aarch64-linux

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.x86_64-darwin

Python library to interface with the Telegram Bot API

pkgs.python312Packages.python-telegram-bot.aarch64-darwin

Python library to interface with the Telegram Bot API
Package maintainers: 5
CVE-2024-38766
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 7 months, 3 weeks ago
WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from n/a through 5.1.1.

matomo
=<5.1.1

pkgs.matomo

Real-time web analytics application

pkgs.matomo_5

Real-time web analytics application
Package maintainers: 11